Security and Privacy by Design

 

The TRUSTe Data Privacy Management (DPM) platform is the foundation of our many data privacy management products and services. TRUSTe designed its DPM software-as-a-service (SaaS) platform with multi-national organizations managing global privacy programs in mind. We implemented industry-standard privacy and security measures in the platform to provide the data protection safeguards global organizations have come to expect.

Protecting the privacy and security of our customers’ business and employee information is a top priority and something TRUSTe takes quite seriously. TRUSTe has achieved SOC 2 certifications and is in the process of adding certifications that offer further unique coverage of additional principles.

Platform Design

Our services are delivered using Amazon Web Services (AWS) with multi-zone hosting in a public cloud. We offer the ability to have data reside in Europe via our Irish and German datacenters.

Our cloud delivery employs logical isolation in a secure data center environment. We encrypt data at rest to safeguard any sensitive information. We also offer file encryption for all customer documents that are uploaded and stored in our system.

Testing

We test the security integrity of our applications and the network via periodic penetration tests and will allow customers to do the same. We perform vulnerability scans quarterly, and additional scans are conducted prior to a major release. We can support additional scans at customer request.

TRUSTe monitors industry security alerts and applies patches per our documented process.

Access Controls

All platform users have unique User IDs and we can integrate with Single Sign-On (SSO) by request so that customers can enforce their own password protection policy.

Certifications and Vendor Assessments

TRUSTe has completed SOC 2 audits. Moreover, our platform solutions are delivered via AWS and benefit from its many security certifications and accreditations.

We offer a standard vendor assessment that is based on industry best practices and is available for all customers. For our Enterprise customers, we offer custom vendor assessment responses.

Audit

We have Global Search to support investigation, forensics, eDiscovery or legal compliance.